Law Commons^™

Link Tank

DePaul Magazine

A new JD certificate program in information technology, cybersecurity and data privacy provides DePaul University students with proficiency in both law and tech.

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.

Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa

The Scholar: St. Mary's Law Review on Race and Social Justice

Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …

Professional Responsibility, Legal Malpractice, Cybersecurity, And Cyber-Insurance In The Covid-19 Era, Ethan S. Burger

St. Mary's Journal on Legal Malpractice & Ethics

In response to the COVID-19 outbreak, law firms conformed their activities to the Centers for Disease Control and Prevention (CDC), Occupational Safety and Health Administration (OSHA), and state health authority guidelines by immediately reducing the size of gatherings, encouraging social distancing, and mandating the use of protective gear. These changes necessitated the expansion of law firm remote operations, made possible by the increased adoption of technological tools to coordinate workflow and administrative tasks, communicate with clients, and engage with judicial and governmental bodies.

Law firms’ increased use of these technological tools for carrying out legal and administrative activities has implications …

Regulating Personal Data Usage In Covid-19 Control Conditions, Mark Findlay, Nydia Remolina

Centre for AI & Data Governance

As the COVID-19 health pandemic ebbs and flows world-wide, governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have capacity to amass and share personal data for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside times of real and present personal danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission (provided that the technology …

A Comprehensive Cybersecurity Policy For The United States Government According To Cyberattacks And Exploits In The 21st Century, Diana Hallisey

Honors Program Contracts

Adversaries launch cyberattacks or cyber-exploits with contrasting intentions and desired outcomes. A cyberattack is a malicious attempt by a state, third party, or individual to disrupt a computer’s network; whereas, a cyber-exploit is an action that uncovers and steals “confidential” information from a computer’s data. 1 Within this research paper, the main adversary of such cyberattacks and/or exploits will be the nation-state. The victims of these cyberattacks will range from multinational corporations, such as Sony, to nuclear programs in Iran. This essay will focus on four motivations behind such cyberattacks: (1) private sector hacking (the theft of intellectual property) (2) …

Hacking For Intelligence Collection In The Fight Against Terrorism: Israeli, Comparative, And International Perspectives, Asaf Lubin

Articles by Maurer Faculty

תקציר בעברית: הניסיון של המחוקק הישראלי להביא להסדרה מפורשת של סמכויות השב״כ במרחב הקיברנטי משקף מגמה רחבה יותר הניכרת בעולם לעיגון בחקיקה ראשית של הוראות בדבר פעולות פצחנות מצד גופי ביון ומודיעין ורשויות אכיפת חוק למטרות איסוף מודיעין לשם סיכול עבירות חמורות, ובייחוד עבירות טרור אם בעבר היו פעולות מסוג אלה כפופות לנהלים פנימיים ומסווגים, הרי שהדרישה לשקיפות בעידן שלאחר גילויי אדוארד סנודן מחד והשימוש הנרחב בתקיפות מחשב לביצוע פעולות חיפוש וחקירה לסיכול טרור מאידך, מציפים כעת את הדרישה להסמכה מפורשת. במאמר זה אבקש למפות הן את השדה הטכנולוגי והן את השדה המשפטי בכל האמור בתקיפות מחשבים למטרות ריגול ומעקב. …

Procure-To-Pay Software In The Digital Age: An Exploration And Analysis Of Efficiency Gains And Cybersecurity Risks In Modern Procurement Systems, Drew Lane

MPA/MPP/MPFM Capstone Projects

Procure-to-Pay (P2P) softwares are an integral part of the payment and procurement processing functions at large-scale governmental institutions. These softwares house all of the financial functions related to procurement, accounts payable, and often human resources, helping to facilitate and automate the process from initiation of a payment or purchase, to the actual disbursal of funds. Often, these softwares contain budgeting and financial reporting tools as part of the offering. As such an integral part of the financial process, these softwares obviously come at an immense cost from a set of reputable vendors. In the case of government, these vendors mainly …

Introducing The Global Data Privacy Prize, Fred H. Cate, Christopher Kuner, Orla Lynskey, Christopher Millard, Nora Ni Loideain, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Expanding The Artificial Intelligence-Data Protection Debate, Fred H. Cate, Christopher Kuner, Orla Lynskey, Christopher Millard, Nora Ni Loideain, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Cybersecurity And The New Era Of Space Activities, David P. Fidler

Articles by Maurer Faculty

No abstract provided.

Securing The Internet Of Healthcare, Michael Mattioli, Scott J. Shackelford, Steve Myers, Austin Brady, Yvette Wang, Stephanie Wong

Articles by Maurer Faculty

Cybersecurity, including the security of information technology (IT), is a critical requirement in ensuring society trusts, and therefore can benefit from, modern technology. Problematically, though, rarely a day goes by without a news story related to how critical data has been exposed, exfiltrated, or otherwise inappropriately used or accessed as a result of supply chain vulnerabilities. From the Russian government's campaign to influence the 2016 U.S. presidential election to the September 2017 Equifax breach of more than 140-million Americans' credit reports, mitigating cyber risk has become a topic of conversation in boardrooms and the White House, on Wall Street and …

Ispy: Threats To Individual And Institutional Privacy In The Digital World, Lori Andrews

All Faculty Scholarship

What type of information is collected, who is viewing it, and what law librarians can do to protect their patrons and institutions.

Ispy: Threats To Individual And Institutional Privacy In The Digital World, Lori Andrews

Lori B. Andrews

The Rise Of Cybersecurity And Its Impact On Data Protection, Fred H. Cate, Christopher Kuner, Dan Jerker B. Svantesson, Orla Lynskey, Christopher Millard

Articles by Maurer Faculty

No abstract provided.

Data Protection And Humanitarian Emergencies, Fred H. Cate, Christopher Kuner, Dan Jerker B. Svantesson, Orla Lynskey, Christopher Millard

Articles by Maurer Faculty

No abstract provided.

Cybersecurity Stovepiping, David Thaw

Articles

Most readers of this Article probably have encountered – and been frustrated by – password complexity requirements. Such requirements have become a mainstream part of contemporary culture: "the more complex your password is, the more secure you are, right?" So the cybersecurity experts tell us… and policymakers have accepted this "expertise" and even adopted such requirements into law and regulation.

This Article asks two questions. First, do complex passwords actually achieve the goals many experts claim? Does using the password "Tr0ub4dor&3" or the passphrase "correcthorsebatterystaple" actually protect your account? Second, if not, then why did such requirements become so widespread? …

Framing The Question, "Who Governs The Internet?", Robert J. Domanski

Publications and Research

There remains a widespread perception among both the public and elements of academia that the Internet is “ungovernable”. However, this idea, as well as the notion that the Internet has become some type of cyber-libertarian utopia, is wholly inaccurate. Governments may certainly encounter tremendous difficulty in attempting to regulate the Internet, but numerous types of authority have nevertheless become pervasive. So who, then, governs the Internet? This book will contend that the Internet is, in fact, being governed, that it is being governed by specific and identifiable networks of policy actors, and that an argument can be made as to …

Data Breach (Regulatory) Effects, David Thaw

Articles

No abstract provided.

The Data Protection Credibility Crisis, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson, Orla Lynskey

Articles by Maurer Faculty

No abstract provided.

Taking Stock After Four Years, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

The Efficacy Of Cybersecurity Regulation, David Thaw

Articles

Cybersecurity regulation presents an interesting quandary where, because private entities possess the best information about threats and defenses, legislatures do – and should – deliberately encode regulatory capture into the rulemaking process. This relatively uncommon approach to administrative law, which I describe as Management-Based Regulatory Delegation, involves the combination of two legislative approaches to engaging private entities' expertise. This Article explores the wisdom of those choices by comparing the efficacy of such private sector engaged regulation with that of a more traditional, directive mode of regulating cybersecurity adopted by the state legislatures. My analysis suggests that a blend of these …

The Business Of Privacy, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

The Extraterritoriality Of Data Privacy Laws -- An Explosive Issue Yet To Detonate, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

The End Of The Beginning, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Editorial, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Let's Not Kill All The Privacy Laws (And Lawyers), Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Privacy -- An Elusive Concept, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Moving Forward Together, Fred H. Cate, Christopher Kuner, Christopher Millard, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.